[libhtml-scrubber-perl] 01/01: [SECURITY] CVE-2015-5667: Backport upstream patch fixing a cross-site scripting vulnerability in comments. (Closes: #803943)
Niko Tyni
ntyni at moszumanska.debian.org
Wed Nov 18 20:18:50 UTC 2015
This is an automated email from the git hooks/post-receive script.
ntyni pushed a commit to branch jessie
in repository libhtml-scrubber-perl.
commit ff029d4cd226f50d527b8c7610e71ff9c8a8ca6f
Author: Niko Tyni <ntyni at debian.org>
Date: Sun Nov 15 21:09:39 2015 +0200
[SECURITY] CVE-2015-5667: Backport upstream patch fixing a cross-site scripting vulnerability in comments. (Closes: #803943)
---
debian/changelog | 8 +++
.../0001-Test-and-fix-for-JVN53973084.patch | 65 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 74 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 50c1f71..7725826 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libhtml-scrubber-perl (0.11-1+deb8u1) jessie; urgency=medium
+
+ * [SECURITY] CVE-2015-5667: Backport upstream patch fixing
+ a cross-site scripting vulnerability in comments.
+ (Closes: #803943)
+
+ -- Niko Tyni <ntyni at debian.org> Sun, 15 Nov 2015 21:07:33 +0200
+
libhtml-scrubber-perl (0.11-1) unstable; urgency=low
* Team upload.
diff --git a/debian/patches/0001-Test-and-fix-for-JVN53973084.patch b/debian/patches/0001-Test-and-fix-for-JVN53973084.patch
new file mode 100644
index 0000000..2880204
--- /dev/null
+++ b/debian/patches/0001-Test-and-fix-for-JVN53973084.patch
@@ -0,0 +1,65 @@
+From 3f871371cf40baf37981bc829036d4a444e20124 Mon Sep 17 00:00:00 2001
+From: Nigel Metheringham <nigelm at cpan.org>
+Date: Sat, 10 Oct 2015 15:01:14 +0100
+Subject: [PATCH] Test and fix for JVN53973084
+
+Malformed tags can pass through as comments.
+Thus comments are now only passed through if
+they are well formed - currently defined as
+matching a regular expression.
+
+Origin: backport, https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
+Bug-Debian: https://bugs.debian.org/803943
+---
+ lib/HTML/Scrubber.pm | 6 +++++-
+ t/jvn53973084.t | 21 +++++++++++++++++++++
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+ create mode 100644 t/jvn53973084.t
+
+diff --git a/lib/HTML/Scrubber.pm b/lib/HTML/Scrubber.pm
+index e8ee4ba..e7c1d42 100644
+--- a/lib/HTML/Scrubber.pm
++++ b/lib/HTML/Scrubber.pm
+@@ -284,7 +284,11 @@ sub _scrub_str {
+ }
+ }
+ elsif ( $e eq 'comment' ) {
+- $outstr .= $text if $s->{_comment};
++ if ( $s->{_comment} ) {
++
++ # only copy comments through if they are well formed...
++ $outstr .= $text if ( $text =~ m|^<!--.*-->$|ms );
++ }
+ }
+ elsif ( $e eq 'process' ) {
+ $outstr .= $text if $s->{_process};
+diff --git a/t/jvn53973084.t b/t/jvn53973084.t
+new file mode 100644
+index 0000000..7767609
+--- /dev/null
++++ b/t/jvn53973084.t
+@@ -0,0 +1,21 @@
++# Tests related to JVN53973084
++
++use strict;
++use warnings;
++use Test::More;
++
++use_ok('HTML::Scrubber');
++
++my @allow = qw[
++ hr
++];
++
++my $html_1 = q[<hr><a href="javascript:alert(1)"<hr>abc];
++my $html_2 = q[<img src="javascript:alert(1)"];
++foreach my $comment_value ( 0, 1 ) {
++ my $scrubber = HTML::Scrubber->new( allow => \@allow, comment => $comment_value );
++ is( $scrubber->scrub($html_1), '<hr>abc', "correct result (1) - with comment => $comment_value" );
++ is( $scrubber->scrub($html_2), '', "correct result (2) - with comment => $comment_value" );
++}
++
++done_testing;
+--
+2.6.2
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..5e38bf3
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Test-and-fix-for-JVN53973084.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libhtml-scrubber-perl.git
More information about the Pkg-perl-cvs-commits
mailing list